Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2023-45857

Description

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

POC

Reference

No PoCs from references.

Github

- https://github.com/NUS-ISS-SECURE-TEAM-5/mall-admin-frontend

- https://github.com/bmuenzenmeyer/axios-1.0.0-migration-guide

- https://github.com/dansclearov/interview-assignment

- https://github.com/fuyuooumi1027/CVE-2023-45857-Demo

- https://github.com/intercept6/CVE-2023-45857-Demo

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/seal-community/cli

- https://github.com/seal-community/patches

- https://github.com/stiifii/tbo_projekt

- https://github.com/tirtha4/DepDrift

- https://github.com/valentin-panov/CVE-2023-45857

- https://github.com/zvigrinberg/exhort-service-readiness-experiment